During one of the most anticipated Black Hat presentations, IOActive's Ruben Santamarta demonstrated the numerous flaws he discovered in satellite communication systems. Why should you care about Satcom? If you've ever been in an airplane, you should probably care a lot about Satcom.

Satellite communications are used for lots of things, but especially when people are in places beyond the reach of normal communications channels: on a boat, in the wilderness (or a war zone), or in a commercial airplane. They are critical links, but are also expensive and difficult to procure. That didn't stop Santamarta, though he did note that his lab conditions may differ from the real world.

Key to Santamarta's attacks were debugging backdoors and hardcoded login credentials. Sometimes these credentials were obfuscated in some way, but never enough to stop him from figuring out how to use them. You might think it's a bad idea for companies to include these in their products. Security experts certainly think so, but the industry insists that it's necessary for maintenance.

Now, on with the hacking!

Hacking Air, Sea, and Land

Santamarta's attack on satellite radios in airplanes hinges on the fact that there are two linked communication devices onboard aircraft: one for critical communication between the aircraft and the ground and another for passenger entertainment. That is, movies and Wi-Fi.

Santamarta said that he'd found exploits that should allow him to take over the whole radio system through its own Wi-Fi network. Scary, but Santamarta was realistic. "We're not crashing airplanes," he explained. "That said, with this attack one can be used to disrupt or modify satellite data links and there are several comm channels in an aircraft that rely on satellite comms."

During his presentation, Santamarta gave two live demos showing off what he'd learned. The second was rather straightforward: he connected to a Hughes satellite radio device and demonstrated how to retrieve and use its hardcoded credentials to log in remotely. He also said that this model responded to SMS commands, one of which could be used to tell the radio to retrieve new firmware. He suggested it would be easy to use this feature to install malicious firmware.

It was disturbing, however, because Santamarta said that this particular model is frequently used by journalists when out in the field. He suggested that the NSA was likely grateful.

His first demo was far more dramatic. He set up a Sailor 6006 Satcom terminal, which resembled a bulky LCD monitor. Santamarta explained that, on a ship, these were used for critical tasks like navigation. They also have a panic button that, when pressed, sends out a distress beacon that is recognized internationally.

Only by virtue of being on the same network, Santamarta tricked the device into downloading and installing malicious firmware that he'd created. After it rebooted, the device appeared to function normally. But when the panic button was pressed, the Sailor 6006 transformed into a virtual slot machine. "Because we are in Vegas," Santamarta explained.

How Bad Is It?

Santamarta concluded his talk by running through some of the responses he'd received after disclosing his findings to the device makers. Most were dismissive. One said that his attacks weren't problematic because they required that he be on the same network as the device. "I found one of your vessels on the Internet," countered Santamarta.

Another vendor said that using hardcoded recovery credentials was an industry norm, and therefore not problematic. After attending many (many) sessions at Black Hat, I have to agree with the vendors in part: it's true that these backdoors are common across many industries. But that does not make it okay. Quite the opposite, actually.

Santamarta's presentation is another reminder that we simply cannot assume that devices are secure, or that potential flaws cannot be exploited. In the case of Satcom, let's hope these issues don't go ignored for too long.

Max Eddy is a Software Analyst, taking a critical eye to Android apps and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. When not polishing his tinfoil hat or plumbing the depths of the Dark Web, he can be found working to discern the 100 Best Android Apps.
Prior to PCMag, Max wrote for the International Digital Times, The International Science Times, and The Mary Sue. He has also been known to write for Geek.com.